Re: Way Forward

Russ Housley <housley(_at_)spyrus(_dot_)com> writes:

The attack is probably impossible to mount using S/MIME against a 
human-operated mail agent; however, I am not convinced that a mail list 
agent (or other automated mail agent) would be immune.  Further, CMS is 
being used in many environments, not just S/MIME, and some of those 
environments may have issues.

Understood, but it's trivial to patch these S/MIME agents to
be completely immune to this attack without compromising compatibility.

OAEP have been available for years.  PKCS#1 v2.0 includes it.  I do not 
think that it is immature.

That's not the issue that I am concerned with. Rather, I'm concerned
with introducing gratuitous incompatibilities.

-Ekr

<Prev in Thread]	Current Thread	[Next in Thread>
Way Forward, Russ Housley Re: Way Forward, Eric Rescorla Re: Way Forward, Terry Hayes Re: Way Forward, Russ Housley Re: Way Forward, Eric Rescorla <= Re: Way Forward, Paul Hoffman / IMC Re: Way Forward, Russ Housley Re: Way Forward, Bob Relyea Re: Way Forward, Eric Rescorla Re: Way Forward, Russ Housley Re: Way Forward, Aram Perez RE: Way Forward, John G Ross Re: Way Forward, Eric Rescorla Re: Way Forward, Dr Stephen Henson Re[2]: Way Forward, Maxim Masiutin

Previous by Date:	Re: Comments on draft-ietf-smime-cms-rsaes-oaep-01.txt, Russ Housley
Next by Date:	Re[2]: Way Forward, Russ Housley
Previous by Thread:	Re: Way Forward, Russ Housley
Next by Thread:	Re: Way Forward, Paul Hoffman / IMC
Indexes:	[Date] [Thread] [Top] [All Lists]